-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Dear all,

This is to announce a new release of X2Go Client for Windows.

This is the 4th release of X2Go Client 4.0.3.2 for Windows. The 3rd release was 4.0.3.2-20150301. The changes are relative to that release.

The changes in this release are: o Windows: Update bundled VcXsrv from 1.15.2.4-xp+vc2013+x2go1 to 1.15.2.5 (X2Go/Arctica Build) The differences relevant to X2Go are: + VcXsrv's bundled version of openssl was updated from 1.0.1k to 1.0.1m (Fixes the multiple CVEs announced on 2015-03-19) + VcXsrv's bundled version of libXfont was updated from 1.4.8 to 1.4.9 (Fixes CVE-2015-1802 through CVE-2015-1804) o Windows: Update bundled Win32 OpenSSL from 1.0.1L to 1.0.1m, which fixes the multiple CVEs announced on 2015-03-19. o Windows: Update bundled PuTTY from 0.63 to 0.64. In addition to other changes, CVE-2015-2157 has been fixed. o Windows: Update bundled Cygwin openssl from 1.0.1k-1 to 1.0.2a-1. This update fixes the multiple CVEs announced on 2015-03-19

As with most vulnerabilities in 3rd party software, the X2Go project has not done an analysis of whether X2Go Client was actually affected by these vulnerabilities. However, as a precaution, we strongly encourage all users to update.

For the Windows-specific release notes for this release, see this page: http://wiki.x2go.org/doku.php/doc:release-notes-mswin:x2goclient-4.0.3.2

Regards, Mike DePaulo -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)

iF4EAREIAAYFAlUYhZMACgkQIFy22CVQsiuVbgEAkqGY2ET44BZ1QE2YFtnPmqK3 CMEvvH6BP21+eDavW9EA/3kCqUdjXZaX2y6RHRKfwiDB24ZQ0W8PPjn2LIpn4qZL =njzz -----END PGP SIGNATURE-----